From dba3de4451f29fc0b8cb6474b9bbb18ed61d9eac Mon Sep 17 00:00:00 2001
From: Niall Sheridan <nsheridan@gmail.com>
Date: Thu, 1 Sep 2016 22:28:12 +0100
Subject: [PATCH] Remove the Principal field from the request
The server will always overwrite this field with the username obtained from
the auth provider. Allowing the client to set it is a waste of time.
---
cmd/cashierd/main.go | 4 ++--
lib/const.go | 1 -
server/signer/signer.go | 6 +++---
server/signer/signer_test.go | 11 ++++-------
4 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/cmd/cashierd/main.go b/cmd/cashierd/main.go
index e3aec93d..e71c126a 100644
--- a/cmd/cashierd/main.go
+++ b/cmd/cashierd/main.go
@@ -159,9 +159,9 @@ func signHandler(a *appContext, w http.ResponseWriter, r *http.Request) (int, er
if err != nil {
return http.StatusInternalServerError, err
}
- req.Principal = a.authprovider.Username(token)
+ username := a.authprovider.Username(token)
a.authprovider.Revoke(token) // We don't need this anymore.
- cert, err := a.sshKeySigner.SignUserKey(req)
+ cert, err := a.sshKeySigner.SignUserKey(req, username)
if err != nil {
return http.StatusInternalServerError, err
}
diff --git a/lib/const.go b/lib/const.go
index fd771a06..1ba27493 100644
--- a/lib/const.go
+++ b/lib/const.go
@@ -5,7 +5,6 @@ import "time"
// SignRequest represents a signing request sent to the server.
type SignRequest struct {
Key string `json:"key"`
- Principal string `json:"principal"`
ValidUntil time.Time `json:"valid_until"`
}
diff --git a/server/signer/signer.go b/server/signer/signer.go
index 0bff1c33..5ee170ae 100644
--- a/server/signer/signer.go
+++ b/server/signer/signer.go
@@ -27,7 +27,7 @@ type KeySigner struct {
}
// SignUserKey returns a signed ssh certificate.
-func (s *KeySigner) SignUserKey(req *lib.SignRequest) (*ssh.Certificate, error) {
+func (s *KeySigner) SignUserKey(req *lib.SignRequest, username string) (*ssh.Certificate, error) {
pubkey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(req.Key))
if err != nil {
return nil, err
@@ -39,11 +39,11 @@ func (s *KeySigner) SignUserKey(req *lib.SignRequest) (*ssh.Certificate, error)
cert := &ssh.Certificate{
CertType: ssh.UserCert,
Key: pubkey,
- KeyId: fmt.Sprintf("%s_%d", req.Principal, time.Now().UTC().Unix()),
+ KeyId: fmt.Sprintf("%s_%d", username, time.Now().UTC().Unix()),
ValidBefore: uint64(req.ValidUntil.Unix()),
ValidAfter: uint64(time.Now().UTC().Add(-5 * time.Minute).Unix()),
}
- cert.ValidPrincipals = append(cert.ValidPrincipals, req.Principal)
+ cert.ValidPrincipals = append(cert.ValidPrincipals, username)
cert.ValidPrincipals = append(cert.ValidPrincipals, s.principals...)
cert.Extensions = s.permissions
if err := cert.SignCert(rand.Reader, s.ca); err != nil {
diff --git a/server/signer/signer_test.go b/server/signer/signer_test.go
index 805f0fc2..cdfb4ca2 100644
--- a/server/signer/signer_test.go
+++ b/server/signer/signer_test.go
@@ -27,10 +27,9 @@ func TestCert(t *testing.T) {
t.Parallel()
r := &lib.SignRequest{
Key: string(testdata.Pub),
- Principal: "gopher1",
ValidUntil: time.Now().Add(1 * time.Hour),
}
- cert, err := signer.SignUserKey(r)
+ cert, err := signer.SignUserKey(r, "gopher1")
if err != nil {
t.Error(err)
}
@@ -38,7 +37,7 @@ func TestCert(t *testing.T) {
t.Error("Cert signer and server signer don't match")
}
var principals []string
- principals = append(principals, r.Principal)
+ principals = append(principals, "gopher1")
principals = append(principals, signer.principals...)
if !reflect.DeepEqual(cert.ValidPrincipals, principals) {
t.Errorf("Expected %s, got %s", cert.ValidPrincipals, principals)
@@ -57,12 +56,10 @@ func TestRevocationList(t *testing.T) {
t.Parallel()
r := &lib.SignRequest{
Key: string(testdata.Pub),
- Principal: "revoked",
ValidUntil: time.Now().Add(1 * time.Hour),
}
- cert1, _ := signer.SignUserKey(r)
- r.Principal = "ok"
- cert2, _ := signer.SignUserKey(r)
+ cert1, _ := signer.SignUserKey(r, "revoked")
+ cert2, _ := signer.SignUserKey(r, "ok")
var rec []*store.CertRecord
rec = append(rec, &store.CertRecord{
KeyID: cert1.KeyId,
--
GitLab